using System;

namespace Sedna.Core.Security
{
	/// <summary>
	/// this interface provides abstract logic to check subject credentials (e.g. a User's password)
	/// against the underlying credentials ciphering mechanisms (such as password hashing or whatsoever)
	/// 
	/// another purpose of the interface is to provide the ability to prepare open credentials for storing in 
	/// some location (like database). Usually this implies hashing an open-text form password before 
	/// storing it into a database.
	/// </summary>
	public interface ICredentialsService
	{
		/// <summary>
		/// checks an open actual credentials value against
		/// the ciphered expected one.
		/// </summary>
		/// <param name="expected">ciphered (if necessary, but anyway returned from <see cref="CheckCredentials"/> method) subject's credentials</param>
		/// <param name="actual">not-ciphered (or open-form) subject's credentials</param>
		/// <returns>true, if the underlying mechanism considers the two credentials identical (after necessary deciphering or hashing), or false otherwise</returns>
		bool CheckCredentials(object expected, object actual);


		/// <summary>
		/// prepares a open-form credentials to be stored somewhere 
		/// (e.g. hashes a password before storing it into a database)
		/// </summary>
		/// <param name="openFormCredentials">subject's credentials in an open-text form (i.e. not-ciphered)</param>
		/// <returns>subject's credentials in a form suitable for storage outside of the System (e.g. password hash)</returns>
		object SecureCredentials(object openFormCredentials);
	}
}
